Cisco IP Telephony Security:

Cisco IP Telephony Security:

Techniques to Protect Voice

Richard Dodsworth Consulting Engineer

Cisco Systems, Singapore

Do You Know What a Phreaker (Voice) or a Hacker (Data) Looks Like?

ƒ Attacks against

IP Telephony endpoints

Reconnaissance DHCP starvation

Eavesdropping/Man-in-the-middle Directed TCP and ICMP attacks

ƒ Attacks against

IP Telephony servers

Worms, viruses and trojans DoS and DDoS

Directed probes, floods

ƒ Attacks against IP Telephony applications

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

ƒ Protect IP Telephony Servers

ƒ Protect IP Telephony Applications

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

Network Hardening for Phones

Phone Hardening Securing TFTP

Encrypted Communications 802.1X and IP Phones

Phones over the Internet

ƒ Protect IP Telephony Servers

Telephony Servers

PSTN

Secure Voice by First Securing the Network

General Security Practices

ƒ Out-of-band management

ƒ SSH/HTTPS

ƒ Permit lists

ƒ Routing auth

ƒ NIDS

ƒ Security mgmt

Catalyst Integrated

Security Features (CISF)

ƒ Separate voice & data VLANs

ƒ VLAN ACLs (VACLs)

ƒ DHCP Snooping

ƒ Dynamic ARP Inspection

ƒ IP Source Guard

ƒ Port Security

ƒ Scavenger-class QoS

ƒ Firewall or ACL in front of telephony servers

ƒ Rate Limiting

MicroFlow Policing in 6K

Separate Voice and Data VLANs

Telephony Servers

VLAN Access Control Lists (VACLs)

• Phones only send signaling to servers and RTP to each other

• No reason to send TCP or ICMP to each other

• Stops TCP and ICMP

attacks

GARP:

I’m 10.1.1.2 GARP:

I’m 10.1.1.1

DAI Off

10.1.1.1 ISG: I Don’t 10.1.1.2

Think So!

aa-aa-aa-aa-aa-aa bb-bb-bb-bb-bb-bb

DAI: No, You’re Not

10.1.1.1 aa-aa-aa-aa-aa-aa 1/0 10.1.1.2 bb-bb-bb-bb-bb-bb 1/1 10.1.1.4 dd-dd-dd-dd-dd-dd 1/3

10.1.1.3

cc-cc-cc-cc-cc-cc

10.1.1.4

dd-dd-dd-dd-dd-dd

Static DHCP

X

10.1.1.2 cc 10.1.1.1 cc

X

DAI On

Successfully Stops ettercap, dsniff

ARP Cache 10.1.1.1 aa 10.1.1.3 cc 10.1.1.4 dd ARP Cache

10.1.1.2 bb 10.1.1.3 cc 10.1.1.4 dd

TCP:

I’m 10.1.1.2

ƒ Built on DHCP snooping binding table

ƒ Dynamic ARP inspection watches ARP/GARP for violations

ƒ IP source guard examines every IP packet

ƒ Will drop packets or disable port

Stop Man-in-the-Middle Attacks

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

Network Hardening for Phones Phone Hardening

Securing TFTP

Encrypted Communications 802.1X and IP Phones

Phones over the Internet

ƒ Protect IP Telephony Servers

Hardening the Endpoints

ƒ Signed firmware

ƒ Signed config files

ƒ Disable

PC port

Settings button Speakerphone Web access

Cisco CallManager 4.x View

Cisco CallManager 5.0 View

Browse into a Phone

I Learn

ƒ IP address/mask

ƒ Default gateway

ƒ DHCP server

ƒ DNS server

ƒ TFTP server

ƒ Cisco CallManager(s)

ƒ Directory server

ƒ Logon server

ƒ XML server

ƒ If I’m reconning your network, I can learn an awful lot about your network by

webbing into a single phone

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

Network Hardening for Phones Phone Hardening

Securing TFTP

Encrypted Communications 802.1X and IP Phones

Phones over the Internet

ƒ Protect IP Telephony Servers

ƒ Protect IP Telephony Applications

Securing TFTP

Cisco CallManager

X X

ƒ Signed firmware images

Introduced in CCM 3.3(3)

ƒ Signed config files ¹

Introduced in CCM 4.0

ƒ Encrypted config Files ^{1, 2}

Introduced in CCM 5.0

Encrypted Configuration File Keys

Depends on if the Phone Has a Certificate

ƒ Can use public key if phone has a certificate

– CAPF used to cache keys in database

ƒ Must manually enter into phone otherwise

Encrypted Configuration Parameter

Encrypted Config = True

ƒ If TFTP has key, config file is encrypted

ƒ If TFTP doesn’t have key, config file cannot be created

Encrypted Config = False

ƒ Unencrypted config file contains NO credentials

Now on

Security

Profile page

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

Network Hardening for Phones Phone Hardening

Securing TFTP

Encrypted Communications

802.1X and IP Phones Phones over the Internet

ƒ Protect IP Telephony Servers

ƒ Protect IP Telephony Applications

Certificate-Based Authentication and Encryption

ƒ TLS—Transport Layer Security (RFC 2246) between Cisco CallManager and endpoints

RSA signatures

HMAC-SHA-1 auth tags AES-128-CBC encryption

ƒ SRTP—Secure RTP (rfc3711) between endpoints

HMAC-SHA-1 auth tags

AES-128-CM encryption

Encryption in CCM 4.1

Certificate-Based Authentication and

SCCP TLS and SRTP Support in 7906/7911/7940/7960/7941/7961/7970/7971 IPSec and SRTP to

MGCP Gateways

TLS to SIP Trunks

Including

• In SRST mode

• Over H.323 ICT

TLS and SRTP for Apps

• Cisco Unity ^® 4.0(5)

• IPCC 7.0

• CTI

TLS IPSec SRTP

SIP TLS and SRTP Support in 7906/7911/7941/7961/7970/7971 Full Interoperability Between Secure SCCP and Secure SIP and H.323 *

Encryption in CCM 5.0

SRTP for SIP Phones

ƒ Phones indicate capability for SRTP in SDP of SIP message

ƒ SIP phones generate their own session keys, unlike SCCP

ƒ Interoperates with secure SCCP, H.323, MGCP, etc.

ƒ No support for encryption to third party

phones—yet

CTI TLS and SRTP

Integrity and Privacy to CTI applications

ƒ Works just like a phone – Cert / CTL / TLS / SRTP

ƒ Cert tied to a user name/instance ID

ƒ SRTP for MTP on Route Points

ƒ Can share session keys

for multiple call legs –

used by partners to

record encrypted calls

SIP Trunk TLS

Cisco CallManager Configuration

• Create a SIP Trunk Security Profile

• Configure the SIP Trunk

to use that profile

CA Server: crypto pki server <ca-server-name>

RSA Key Pair: crypto key gen rsa general-keys label <label> mod 1024 Trustpoint:

crypto pki trustpoint <ca-server-name>

enrollment url <http://ca-server-ip>

rsakeypair <rsa keypair label>

Auth Trustpoint: crypto pki authenticate <ca-server-name>

Enroll Trustpoint: crypto pki enroll <ca-server-name>

session transport tcp tls sip-ua

crypto signaling default trustpoint <trustpoint-label>

transport tcp tls

Configure TLS

voice service voip sip

url sips

SIP URL

SIP TLS

Gateway Configuration

Build the PK Structure

12.4(6)T

SRTP Allowed Checkbox

H323 Gateway

Outbound Faststart Checkbox Is

H.323 Trunk or Gateway

Cisco CallManager Configuration

voice service voip srtp

or

srtp fallback

Voice-card 1

codec complexity secure

Hardware that supports SRTP (H.323, MGCP, SIP)

• NM-HDV2 (all flavors)

• NM-HDV (all flavors)

• NM-HD-1V/2V/2VE

• PVDM2

• AIM-VOICE-30

• AIM-ATM-VOICE-30

H.323 Gateway

Gateway Configuration

Gateway Configuration:

* Command only used on DSP 549/5421 based voice-cards;

not required on DSP 5510 (PVDM2) cards

12.4(6)T

IP-to-IP Gateway

Cisco CallManager

Encrypted Call Using SRTP

SBC

Cisco CallManager

SBC

IPSec and SRTP Secure Calls Through IP-to-IP Gateway

ƒ Signaling over IPSec / Media over SRTP

ƒ Works with or without IP-IP Gateway in place

IPSec Tunnel

IPSec Tunnel

Secure IP Phone

Cisco CallManager

Secure Gateway Encrypted Media

Non-Secure IP Phone Call Transfer

Une ncry pted Med ia

Secure Gateway

MOH

Unencrypted Media

No Encryption Capability

RTP/SRTP Mixed-Mode

Secure Call Transfer:

MOH Connection:

Encryption Performance Considerations

ƒ Cisco CallManager CPU and memory impact considered in device weight calculator

ƒ 7940 / 7960 only support one SRTP stream and no wideband codec

ƒ SRTP adds 4 bytes and 15 microseconds

ƒ SRTP works with cRTP or IPSec

ƒ IPSec design, admin, bandwidth and CPU

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

Network Hardening for Phones Phone Hardening

Securing TFTP

Encrypted Communications 802.1X and IP Phones

Phones over the Internet

ƒ Protect IP Telephony Servers

ƒ Protect IP Telephony Applications

802.1X and IP Telephony

(AAA)

Requirement

• Phone only transmits on voice VLAN

• PC only transmits on data VLAN

Limitations – The 802.1X spec has no provision for

• More than one device on a port

• No authentication to a specific VLAN

• No binding to restrict an authenticated device to only transmit on authorized VLAN

Future Solution

ƒ Landscape

Many customers are asking for 802.1X in phones

Cisco phones support Proxy EAPOL-Logoff today

Planned supplicant support in

the future

Cisco ACS (AAA)

DHCP Snooping Binding

IP-SG DAI

Voice VLAN

20

MAC-A IP–20.2

A 20.2 20

802.1X

Access VLAN

15 25

MAC-B IP–25.2

B 25.2 25

M A C -B

802.1X Proxy EAPOL-Logoff Used with Other Security Features

ƒ Phone monitors EAPOL transactions

ƒ Sends Proxy EAPOL-Logoff with link loss on PC port

1. PC sends EAPOL-Logon—

Phone watches

2. Authenticator queries AAA 3. AAA returns new VLAN ID 4. PC sends DHCP request

5. DHCP Snooping Binding created 6. IP-SG & DAI monitor for compliance

7. When PC disconnects, phone sends untagged

EAPOL-Logoff

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

Network Hardening for Phones Phone Hardening

Securing TFTP

Encrypted Communications 802.1X and IP Phones

Phones over the Internet

ƒ Protect IP Telephony Servers

IP Phones over the Big I

ƒ V3PNs protect all traffic, not just voice

ƒ Terminate at HQ end in VPN concentrator or large router

ƒ VPN Client in phones being considered

ƒ Cisco PhoneProxy

from Metreos aquisition

Telephony Servers

Telecommuter

DMZ

PSTN

Internet

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

ƒ Protect IP Telephony Servers

Firewall Traversal

Cisco CallManager and IPSec

Windows for Cisco CallManager 4.x and Other Apps

Appliance Model for Cisco CallManager

5.0

ƒ Stateful inspection of protocols that use ephemeral port ranges

ƒ Otherwise, have to open entire port range in static ACL

ƒ LLQ and Rate Limiting now available in PIX ^® & ASA 7.0

Place a Firewall or ACL in Front of Telephony Servers

Why Firewall?

Firewalls and Voice with

Inspection Engines Enabled

How much firewall do I need? Generally …

• 1–250 phones – ASA 5510, PIX 515E

• 250–1500 IP phones – ASA 5520, PIX 525

• 1500–30000 IP phones – ASA 5540*, PIX 535, FWSM If all it’s doing is voice

Average 60% CPU or less

Stateful failover for VoIP Inspection Engines

• Active/Stand-by or Active/Active

Firewalls and Encrypted Voice with Inspection Engines Disabled

ƒ Fix-ups lose their ability to inspect

ƒ Can use ACLs to allow signaling and RTP

– PIX and ASA 7.0 supports “established” ACL – doesn’t work with UDP

ƒ Packets arriving on the more trusted interface will open the connection

– Doesn’t work with FWSM

– Still need ACL for routing updates, RSVP, etc.

ƒ Work in progress

– STUN, ICE, midcom News Flash: Watch for TLS

Proxy in PIX/ASA by year end!

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

ƒ Protect IP Telephony Servers

Firewall Traversal

Cisco CallManager and IPSec

Windows for Cisco CallManager 4.x and Other Apps

Appliance Model for Cisco CallManager

5.0

IPSec to a Branch Office or DR Site

ƒ Question of trust

ƒ Protect all traffic, not just voice

ƒ Clustering-over-the-WAN metrics

ƒ Can config in CallManager

IP WAN

Telephony Servers

SRST Router Disaster Recovery

Site or

Distributed Cluster

ƒ Better to terminate in VPN concentrator or router – Performance

– Configuration complexity – Organizational boundaries

A bit more on IPSec later

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

ƒ Protect IP Telephony Servers

Firewall Traversal

Cisco CallManager and IPSec

Windows for Cisco CallManager 4.x and Other Apps

Appliance Model for Cisco CallManager 5.0

ƒ

Protecting the Windows Operating System for CallManager 4.x and Other Telephony Apps

ƒ Hardened Win2K OS shipped by default

ƒ Aggressive security patch and hotfix policy

ƒ Cisco Security Agent (CSA) on all telephony apps

ƒ AV from McAfee, Symantec, or Trend Micro

ƒ Site-specific Optional Security features documented

80% of attacks against Windows are targeted at IIS !!!

• Turn off IIS & WWW on the

Subscribers - Set to Manual for

Installer

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

ƒ Protect IP Telephony Servers

Firewall Traversal

Cisco CallManager and IPSec

Windows for Cisco CallManager 4.x and Other Apps

Appliance Model for Cisco CallManager

5.0

CallManager 5.0 Appliance Model Security

• Appliance model makes file system and OS apps inaccessible

ƒ Only allows images to be installed that have been signed by Cisco

ƒ SSH / SFTP / SNMPv3 / Security Passphrase / Password Recovery

ƒ Industry-recommended security practices followed

ƒ Security events logged

Belong to CallManager, i.e.

CallManager holds the private key for that certificate

Other devices that CallManager

X.509 Certificate Management UI:

Display Certificate

Secure Remote Access New in CallManager 5.0

ƒ Log Off button on web pages

ƒ 30 minute inactivity logout timer

ƒ All web pages use HTTPS

ƒ Directory queries can use LDAP over SSL

ƒ New Security Profile abstract configures common security features to multiple devices

ƒ Different CCMAdmin and Platform

passwords

Cisco Security Agent

ƒ Cisco Security Agent is installed as part of Cisco CallManager 5.0 platform

ƒ No configuration necessary

ƒ Start and Stop from Control Center or CLI

ƒ No Managed Agent support

with initial release

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

ƒ Protect IP Telephony Servers

ƒ Protect IP Telephony Applications

Cisco CallManager Cisco Unity

IPCC Enterprise

Digest Authentication for SIP CallManager 5.0

ƒ Based on RFC 3261 & RFC 2617

ƒ Username / Password Auth Mechanism

ƒ Client / Server Model

– Server Challenges, Client responds

The trick is getting the password into the phone

• Can use public key for phones with MIC

CallManager 5.0 Directory Integration

• Optional Directory Integration now native to CallManager admin

• All users stored in CallManager database

• Can be configured locally – GUI or BAT

• Can be ‘Synchronized’ (extracted) from LDAP directory – AD or Netscape

Corporate Directory Endpoint Users

App Users Web Users

• Authentication can be local or against LDAP directory

• Queries can be sent from CallManager or other

applications

(Unity, MeetingPlace, IPCC, etc.)

• No more AD Plug-in

• No more schema extensions

Directory Authentication Architecture

CallManager 5.0 Server WWW

Password Authentication

IMS

DB

Corporate Directory

(Microsoft AD, Netscape/iPlanet)

DirSync User Data

Synchronization Application user

passwords and EM PIN’s are always

authenticated against CCM DB

Att.

Express IPCC

Password

Authentication PIN

Authentication

Prevent User Toll Fraud

ƒ Protect against call forwarding and trunk-to-trunk transfer exploits

ƒ Partitions and Calling Search Spaces limit what parts of the dial plan phones have access to

ƒ Dial plan filters control access to exploitive phone numbers, such as 900

ƒ Forced authentication codes or client matter codes prevent unauthorized calls and

provide a mechanism for billing and tracking

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

ƒ Protect IP Telephony Servers

ƒ Protect IP Telephony Applications

Cisco CallManager Cisco Unity

IPCC Enterprise

Host and Network Hardening

ƒ Manually harden Win2K OS, SQL, LDAP and SMTP Exchange/Domino servers

http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/whitpapr/secure40.htm http://www.cisco.com/univercd/cc/td/doc/product/voice/c_unity/whitpapr/tcpudp.htm

ƒ User account policies

Minimum password/PIN lengths and complexity Password/PIN reuse and expiration

One-time PIN tokens Number of login failures

ƒ Class-of-service restrictions

ƒ Secure active directory infrastructure

ƒ HTTPS for all web access—admin and user

ƒ New in Unity 4.0(5)

TLS and SRTP support

Secure private messages

Private Secure Messaging

ƒ Private secure messaging encrypts voice messages

ƒ Secure private message forwarded outside the

organization via Outlook results in a message telling the recipient the content not accessible

ƒ Lotus Notes restricts private

messages from being forwarded at all

ƒ Secure private messages can only

be accessed over the telephone

by dialing into the Cisco Unity

system

Voice Security Defense-in-Depth

ƒ Protect IP Telephony Endpoints

ƒ Protect IP Telephony Servers

ƒ Protect IP Telephony Applications

Cisco CallManager Cisco Unity

IPCC Enterprise

IPCC Enterprise 7.0

ƒ Pervasive SSL (config, admin, reporting,

management)

ƒ TLS for agent desktops

ƒ Application-level IPSec

ƒ Secure VNC and encrypted terminal services

ƒ Authenticated and encrypted SNMPv3

ƒ Locked down IIS

ƒ Windows—2003 Advanced

TL S

TL S

How Much Security Is Enough?

Security Is a Balance Between Risk and Cost

Managed CSA/VMS SLDAP

Optional OS Hardening HTTPS

Security Info Management VPN—SOHO/Mobile

Antivirus

Network Anomaly Detection Catalyst ^® Integrated Security

Unmanaged CSA

NAC / 802.1X Rate Limiting

Standard OS Hardening

Complex Firewalls Simple Firewalls

Basic Layer 3 ACLs

Gold

New, Hard, Not Integrated

Silver

Moderate, Reasonable

Bronze

Default, Easy, No-Brainer

Cost—Complexity—Manpower—Overhead

Further Reading

Outside Publications

ƒ NetworkWorldFusion: Breaking Through IP Telephony

http://www.networkworld.com/reviews/2004/0524voipsecurity.html

ƒ US DoD PBX1 and PBX2 Accreditation

http://jitc.fhu.disa.mil/tssi/apl/apl_cisco.html

• NIST: ‘Security Considerations for VoIP Systems’

http://csrc.nist.gov/publications/nistpubs/800-58/SP800-58-final.pdf

ƒ eWeek: ‘VoIP Is As Secure As You Make It’

http://www.eweek.com/article2/0,1759,1592801,00.asp

ƒ Ziff Davis: ‘Securing Your Network for VoIP’

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns391/c654/cdccont_0900a ecd801e6159.pdf

ƒ Converge!: ‘Enterprise Security – An Enabler of VoIP’

http://www.convergedigest.com/blueprint/ttp04/z4cisco1.asp?ID=141&ctgy=4

Further Reading

Cisco Whitepapers and App Notes

ƒ VTG VP Discusses Cisco's Leadership in Protecting IPT

http://newsroom.cisco.com/dlls/2005/hd_071805.html?CMP=AFC-001

ƒ CallManager and IP Telephony Design Guides

www.cisco.com/go/srnd

ƒ SAFE Security Blueprints

www.cisco.com/go/security

ƒ Cisco IP Telephony Security Collateral

www.cisco.com/go/ipcsecurity

ƒ 802.1X and IPT Positioning Paper

Further Reading

Cisco Documentation

ƒ Cisco CallManager Security, Virus Protection Guides, and TCP / UDP Port Lists

http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/sec_vir/index.htm

ƒ Configuring IPSec Between a Microsoft Windows 2000

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example 09186a00800b12b5.shtml#intro

ƒ Proxy EAPOL-Logoff Release Note

http://www.cisco.com/univercd/cc/td/doc/product/voice/c_ipphon/english/ipp7960/relnotes/

72_200rn.htm#wp1104620

ƒ Signed Firmware Release Note

http://www.cisco.com/en/US/products/hw/phones/ps379/prod_release_note09186a00801c

7164.html

Further Reading

CiscoPress – VoIP

ƒ Cisco CallManager Fundamentals, 2 ^nd Edition

John Alexander, Chris Pearce, Anne Smith, Delon Whetten ISBN: 1587051923; Published: Sep 22, 2005; Copyright 2006

ƒ Cisco IP Telephony: Planning, Design, Implementation, Operation, and Optimization

Salman Asadullah, Ramesh Kaza

ISBN: 1587051575; Published: Feb 23, 2005; Copyright 2005

ƒ Cisco CallManager Best Practices: A Cisco AVVID Solution

Salvatore Collora, Ed Leonhardt, Anne Smith

ISBN: 1587051397; Published: Jun 28, 2004; Copyright 2004

Further Reading

CiscoPress – Security and QoS

ƒ The Complete Cisco VPN Configuration Guide

Richard Deal

ISBN: 1587052040; Published: Dec 15, 2005; Copyright 2006

ƒ Cisco ASA and PIX Firewall Handbook

David Hucaby

ISBN: 1587051583; Published: Jun 7, 2005; Copyright 2005

ƒ End-to-End QoS Network Design: Quality of Service in LANs, WANs, and VPNs

Christina Hattingh, Tim Szigeti

ISBN: 1587051761; Published: Nov 9, 2004; Copyright 2005